Faddom Help Center

Faddom is not receiving network traffic from VMware. How I can debug it?

Troubleshooting steps:
 
Netflow:
1) Check the Faddom Sensor:
Go to Settings -> Sensors and make sure that the sensor that you configured to receive netflow is available (there should be a green check mark at the beginning of the row). If there is a red X, then the server failed to communicate with the sensor. First make sure that there is a sensor installed on the server. If not, you can click on new and there are links there to get the installation packages for Windows or Linux Sensors. Next, make sure that the firewall is allowing traffic from the Faddom server to the sensor. If you have multiple sensors, make sure they are all available.
 
2) Check that the sensor is receiving Netflow traffic
Click on the debug information icon for the sensor in the sensors screen (question mark icon on the right hand side). This should open up a debug information popup with details on the traffic the sensor is receiving. In the debug information, you should have a list of detected protocols. Verify that Netflow is among them.
If Netflow is listed, then the sensor is receiving netflow and you can move to step 5.
 
3) Check VMware switch configuration
Connect to Vcenter and check the switch configuration. Under Settings -> Edit netflow, the collector ip address should be set to the Faddom Sensor. In addition, under each distributed port group that you wish to get traffic for, go to Edit Settings -> Monitoring to make sure netflow is enabled. Netflow should also be enabled for the uplink port group.
 
4) Check the firewall
If you are still not receiving netflow traffic, check the firewall to make sure that it is allowing netflow traffic to pass to the Faddom server. The netflow packets are UDP packets that are sent from the management ip addresses of each of the ESX host servers. The firewall needs to allow these packets to be sent from the ESX host ip addresses to the Faddom server/sensor.
 
5) Check the discovery scope
If you are receiving netflow traffic at the sensor, but do not see traffic in Faddom, check the discovery scope settings.
Go to Settings -> Discovery scope and make sure that the relevant subnets are defined and that they are participating in the discovery. If a subnet is marked as not participating in the discovery, then all traffic from the subnet is filtered out.
 
Sensor Deployment:
1) Check the Faddom Sensors:
Go to Settings -> Sensors and make sure that you have a sensor for each ESX host that you wish to get traffic for and that the sensors are available. If there is a red X, then the server failed to communicate with the sensor. Make sure that the firewall is allowing traffic from the Faddom server to the sensor. If you have multiple sensors, make sure they are all available.
 
2) Check the network cards are connected to the Faddom sensors
Each of the Faddom sensors should have multiple network cards in VMware. Make sure that all of the network cards are connected (in the settings of the VM).
 
3) Check the port groups that the sensors are connected to. There should be a port group on each of the switches that you want to get traffic for. In the settings for each port group, the VLAN should be set to all, and under security, promiscuous mode should be set to Accept.
 
4) Make sure DRS is not enabled for the Faddom sensors. There should be a single sensor on each ESX host. If DRS is enabled, VMware might migrate sensors between hosts, causing there to be multiple sensors on some hosts, and no sensors on others. Make sure you have a single sensor on each ESX host and the DRS is disabled for them so they are not migrated.
 
 
If you still have issues getting data from VMware, please contact Faddom support at support@faddom.com
Was this article helpful?
0 out of 0 found this helpful

Comments